Add license

Reviewed-on: #8

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2023 Matthew Slowe (foo@mafoo.org.uk)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -65,15 +65,29 @@ zones:
         - 10 mta2.example.com
 ```
 
+## Aliases virtual type
+There is a virtual record type `aliases` which is a list of names to CNAME to this record.
+
+For example:
+
+```yaml
+zones:
+  example.com:
+    "@":
+      A: 10.54.22.9
+      aliases:
+        - www
+        - ftp
+```
 # Running
 Invoke the docker container with the input yaml file:
 ```bash
-docker run --rm -ti -v "${PWD}:/a" -w /a fooflington/mythic-beasts-dns mafoo.org.uk.yml
+docker run --rm -ti -v "${PWD}:/a" -w /a fooflington/mythic-dns mafoo.org.uk.yml
 ```
 
 ## Dry run
 Pass the environment variable `DRY_RUN` to prevent any changes:
 
 ```bash
-docker run --rm -ti -v "${PWD}:/a" -w /a -e DRY_RUN=1 fooflington/mythic-beasts-dns mafoo.org.uk.yml
-```
+docker run --rm -ti -v "${PWD}:/a" -w /a -e DRY_RUN=1 fooflington/mythic-dns mafoo.org.uk.yml
+```

manage-dns.pl

@@ -15,6 +15,10 @@ my $ua = LWP::UserAgent->new;
 my %seen;
 my $DRY_RUN = $ENV{DRY_RUN};
 
+my @to_create;
+my @to_delete;
+my @to_update;
+
 sub _debug {
     print STDERR ("=== DEBUG ===\n", Dumper(@_), "=== END ===\n") if $ENV{DEBUG} or $in->[0]->{debug};
 }
@@ -40,9 +44,9 @@ my %supported_types = (
     MX => "yes",
     NS => "yes",
     PTR => "yes",
-    SSHFP => "not yet implemented",
+    SSHFP => "yes",
     SRV => "yes",
-    TLSA => "not yet implemented",
+    TLSA => "yes",
     TXT => "yes",
 );
 sub is_unsupported($) {
@@ -136,6 +140,17 @@ sub format_record($$$$) {
         $record->{caa_property} = $property;
         $record->{caa_tag} = $property;
         $record->{data} = $data;
+    } elsif ($type eq 'SSHFP') {
+        my ($algo, $keytype, $data) = split(/\s+/, $value);
+        $record->{sshfp_type} = $keytype;
+        $record->{sshfp_algorithm} = $algo;
+        $record->{data} = $data;
+    } elsif ($type eq 'TLSA') {
+        my ($usage, $selector, $matching, $data) = split(/\s+/, $value);
+        $record->{tlsa_usage} = $usage;
+        $record->{tlsa_selector} = $selector;
+        $record->{tlsa_matching} = $matching;
+        $record->{data} = $data;
     }
 
     return $record;
@@ -158,6 +173,19 @@ sub reformat_data($$) {
             $data->{caa_property} || $data->{caa_tag},
             $data->{data}
         );
+    } elsif($type eq 'SSHFP') {
+        return sprintf('%d %d %s',
+            $data->{sshfp_algorithm},
+            $data->{sshfp_type},
+            $data->{data},
+        );
+    } elsif($type eq 'TLSA') {
+        return sprintf('%d %d %d %s',
+            $data->{tlsa_usage},
+            $data->{tlsa_selector},
+            $data->{tlsa_matching},
+            $data->{data},
+        );
     }
 
     return $data->{data};
@@ -180,41 +208,22 @@ sub check_and_update_record($$$$$) {
         if($record->{ttl} ne $in->[0]->{defaults}->{ttl}->{$zone}) {
             # Update the record
             $record->{ttl} = $in->[0]->{defaults}->{ttl}->{$zone};
-            _debug("Update ", $url, $record, to_json($record));
-            unless ($DRY_RUN) {
-                my $res = $ua->put(
-                    $url,
-                    "Content-Type" => "application/json",
-                    "Content" => to_json({ records => [ $record ] }),
-                );
-                warn "Failed to update $url: " . $res->status_line unless $res->is_success;
-            }
+            _debug("Will update ", $url, $record, to_json($record));
+            push(@to_update, [$url,$record]);
         }
     } else {
         # Create new record
         my $new = format_record($zone, $type, $host, $value);
-        _notice("Created new record: %s %s %s", $host, $type, $value);
-        _debug($new);
-        unless ($DRY_RUN) {
-            my $res = $ua->post(
-                $url,
-                "Content-Type" => "application/json",
-                Content => to_json({
-                    records => [ $new ]
-                })
-            );
-            warn "Failed to create $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
-        }
+        _notice("Will create new record: %s %s %s", $host, $type, $value);
+        push(@to_create, [$url,$new]);
     }
 }
 
 sub delete_record($$) {
     my ($zone, $record) = @_;
-    return if $DRY_RUN;
-
     my $url = $in->[0]->{defaults}->{api} . "/$zone/records/$record->{host}/$record->{type}?host=$record->{host}&data=$record->{data}";
-    my $res = $ua->delete($url);
-    warn "Failed to delete $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
+    _notice("Will delete: %s %s %s", $record->{host}, $record->{type}, $record->{data});
+    push(@to_delete, $url);
 }
 
 foreach my $z (keys %{$in->[0]->{zones}}) {
@@ -268,10 +277,46 @@ foreach my $z (keys %{$in->[0]->{zones}}) {
                 }
             }
             unless ($skip) {
-                _notice("Delete %s %s %s", $record->{host}, $record->{type}, $record->{data});
+                # _notice("Will delete %s %s %s", $record->{host}, $record->{type}, $record->{data});
                 delete_record($z, $record);
             }
         }
     }
-    _info("Finished processing %s", $z);
+    _info("Finished pre-processing %s", $z);
+}
+
+unless($DRY_RUN) {
+    _info("Applying changes (%d creates, %d updates, %d deletes)", scalar @to_create, scalar @to_update, scalar @to_delete);
+
+    # Delete
+    foreach my $url (@to_delete) {
+        my $res = $ua->delete($url);
+        warn "Failed to delete $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
+    }
+
+    # Create
+    foreach my $record (@to_create) {
+        my $res = $ua->post(
+            $record->[0],
+            "Content-Type" => "application/json",
+            Content => to_json({
+                records => [ $record->[1] ]
+            })
+        );
+        warn "Failed to create $record->[0]: " . $res->status_line . "\n" . $res->content unless $res->is_success;
+    }
+
+    # Update
+    foreach my $record (@to_update) {
+        my $res = $ua->put(
+            $record->[0],
+            "Content-Type" => "application/json",
+            "Content" => to_json({ records => [ $record->[1] ] }),
+        );
+        warn "Failed to update $record->[0]: " . $res->status_line unless $res->is_success;
+    }
+
+    _info("Finished applying changes")
+} else {
+    _info("DRY RUN: Skipped applying changes (%d creates, %d updates, %d deletes)", scalar @to_create, scalar @to_update, scalar @to_delete);
 }